BugTraq
[MajorSecurity #10]i.List <= 1.5 - XSS
Jun 08 2006 05:45PM
admin majorsecurity de
[MajorSecurity #10]i.List <= 1.5 - XSS
----------------------------------------
Software: i.List
Version: <=1.5
Type: XSS
Date: June, 8th 2006
Vendor: Skoom
Page: http://skoom.de
Credits:
-------------------------------
David 'Aesthetico' Vieira-Kurz
http://www.majorsecurity.de
Affected Products:
-------------------------------
i.List 1.5 and prior
Description:
-------------------------------
i.List is a PHP/MySQL TOPLIST script.
Requirements:
-------------------------------
register_globals = On
Vulnerability:
-------------------------------
Input passed to the input box in "search.php", and to the 'URL' and
'ButtonURL' input boxes in "add.php", is not properly filtered and verified before it is used.
This can be exploited to execute evil XSS-code.
Solution:
-------------------------------
Edit the source code to ensure that input is properly sanitised.
Set "register_globals" to "Off".
Exploitation:
-------------------------------
In the inputbox of /search.php:
Search for: <script>alert("MajorSecurity")</script>
In the inputbox 'URL' of add.php:
Type in as URL: <script>alert("MajorSecurity")</script>
In the inputbox 'ButtonURL' of add.php:
Type in as URL: <script>alert("MajorSecurity")</script>
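
The "Solution" section above, as an added example (not i.List source code and not part of the original advisory): read request fields explicitly instead of through register_globals, validate the URL fields on input, and HTML-encode every value on output. The request keys 'q', 'URL' and 'ButtonURL' and the helper names are assumptions, since the advisory does not show the script's source.

```php
<?php
// Added example; not i.List source code. The request keys 'q', 'URL' and
// 'ButtonURL' and all helper names are assumptions.

// Encode a value for an HTML text or quoted-attribute context.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept only syntactically valid absolute http(s) URLs; return null otherwise.
function clean_url(string $raw): ?string
{
    $raw = trim($raw);
    if (strlen($raw) > 2048 || filter_var($raw, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $scheme = strtolower((string) parse_url($raw, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $raw : null;
}

// Read a request field explicitly instead of relying on register_globals.
function field(array $source, string $name): string
{
    $v = $source[$name] ?? '';
    return is_string($v) ? $v : '';   // reject array-valued parameters
}

// Constructed sample input: the test string from the advisory and a normal URL.
$get  = ['q' => '<script>alert("MajorSecurity")</script>'];
$post = ['URL' => '<script>alert("MajorSecurity")</script>',
         'ButtonURL' => 'http://example.org/button.gif'];

// search.php: echo the search term back encoded, so it renders as text.
echo 'Results for: ' . e(field($get, 'q')) . "\n";

// add.php: validate on input, encode on output.
foreach (['URL', 'ButtonURL'] as $name) {
    $url = clean_url(field($post, $name));
    echo $url === null
        ? "$name rejected: not a valid http(s) URL\n"
        : "$name: <a href=\"" . e($url) . "\">" . e($url) . "</a>\n";
}
```

In the real scripts the arrays would be `$_GET` and `$_POST`; the scheme allowlist matters because URL syntax validation alone does not restrict which schemes are accepted.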